Hello! Some big news -- Tata Motors had a major data leak, and it is making a splash in the tech and auto sectors. About 70 terabytes (of data) (which is a lot of data!) was left exposed to the internet. This data consisted of customer records, test drive information, invoicing, and internal company documents. We will discuss what actually happened, in layman's terms.
When someone uses a connecting car app, one would expect their information to be retained privately. But here is Tata Motors, a nearly trillion-dollar company, after a minor exposure, costing themselves millions of dollars. This advertises potential customers to think twice about using their information online.
• Personal information — Mames, addresses, PAN numbers.
• Fleet and test drive information — Vehicle locations and details.
• Company information — Dealer analytics and business reports.
What is scary about this issue is that hackers didn't even need to hack anything. The data was simply there to be found!
So, the next time you use an app or share personal information, ask yourself if you really need to. It is probably not just enormous passwords that you should be concerned about —it’s be mindful at all times about our online security.
What Happened
A cyber-security researcher discovered that Tata Motors had an online system that accidentally exposed some files. The important detail is that they inadvertently left access to critical Amazon (AWS) access keys public. This access essentially gave access to the storage which contained:- Customer information that included names, addresses, and PAN numbers;
- Dealer reports, invoicing and financial information;
- Test drive and fleet tracking information to the tune of over 70TB.
How They Found It
The research noticed that the keys were inside Tata's websites and shunter digital tools like "E-Dukaan" and "FleetEdge." Anyone that knew where to look could easily access Tata's information on the dark web.The Significance of the Matter
Loss of Customer TrustWhen someone uses a connecting car app, one would expect their information to be retained privately. But here is Tata Motors, a nearly trillion-dollar company, after a minor exposure, costing themselves millions of dollars. This advertises potential customers to think twice about using their information online.
What Information Was Exposed?
Here is a quick summary:• Personal information — Mames, addresses, PAN numbers.
• Fleet and test drive information — Vehicle locations and details.
• Company information — Dealer analytics and business reports.
What is scary about this issue is that hackers didn't even need to hack anything. The data was simply there to be found!
What Did Tata Motors Do After?
Tata Motors addressed the issue quickly. But the question remains — did they notify all of the affected customers. It is still not clear. After a breach, transparency is the best practice, and Tata Motors is receiving some backlash in that respect.Takeaways
- Here's the takeaway — All companies and users alike:
- Do not store passwords or keys in plain text – it is like leaving your house keys under the mat.
- Perform system checks on a regular basis to find a problem before the hackers do so.
- As a user, be mindful of what data your apps access, what data they collect, and who they share that data with.
Wrapping Up
This is not just related to this one company — This is a reminder for everyone that even a big company can make mistakes with serious consequences. If Tata motors can lose 70TB of data, then it is very likely that a smaller company could do the same thing.So, the next time you use an app or share personal information, ask yourself if you really need to. It is probably not just enormous passwords that you should be concerned about —it’s be mindful at all times about our online security.
